If you take your Internet access for granted, you might wake up one day in July to find that you can no longer connect to the online world. No, the Internet itself isn’t going anywhere. But users of systems compromised by DNS Changer will find that their computers no longer know how to reach the Web.
DNS Changer is malware. It originated a number of years ago, and--as the name implies--it changes DNS.
What’s DNS? OK. Let’s take a step back for a brief explanation.
DNS stands for Domain Name Service (or Server). In a nutshell, computers don’t speak English and they have no idea what “pcworld.com” or “microsoft.com” are. The way information is routed across the Internet is by IP address, and DNS is the translator that converts the Web destination to its associated IP address so the content from “pcworld.com” can magically show up on the display.
The DNS Changer malware hijacked the DNS settings of compromised computers. The Web requests would go to the DNS Changer servers, and instead of translating to the actual IP address of the site, DNS Changer would send victims to other websites instead. These other websites might be phishing sites trying to dupe users out of personal or sensitive information, ad spam sites that generate revenue for the attackers simply from the traffic from the compromised systems, or malicious sites that infect the computers with other nasty stuff.
The United States Federal Bureau of Investigation (FBI) took down the DNS Changer botnet last year. However, with an estimated 500,000 compromised Windows and Mac OS X machines in the United States alone--and over four million worldwide--authorities decided it would be wise not to simply pull the plug. Instead, they turned the DNS Changer botnet servers into legitimate DNS servers so compromised systems could use the Web safely.
Maintaining the DNS servers costs money, though, and was only intended as a temporary Band-aid to give companies and consumers impacted by DNS Changer time to remove the malware and begin using their own designated DNS servers once again. On July 9, the DNS Changer servers will be shut down, and any systems still using them will no longer be able to reach websites. The DNS Changer Working Group (DCWG) estimates that there are still 350,000 active victims.
Most current antimalware software will detect and remove DNS Changer. If you want to make sure your system isn’t compromised, you can use the DNS Changer Check-Up tool. It doesn’t require any software to be downloaded or installed--just visit the site to see if your system is clean or compromised.
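Because the infection shows up as changed DNS settings, a local check can compare the configured resolvers against the published rogue address ranges. The sketch below is an added example, not code from this article or from the DCWG Check-Up tool; it assumes a resolv.conf-style settings file, and the ranges in it are documentation placeholders that must be replaced with the list the DCWG publishes.

```python
import ipaddress

# PLACEHOLDER ranges from RFC 5737 documentation space, not the real
# DNS Changer ranges. Substitute the list published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of resolver settings (resolv.conf syntax).
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
search example.test
nameserver 192.0.2.53
nameserver 10.0.0.1   # local router
nameserver fe80::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the resolver addresses configured in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        # Drop comments, which may start with '#' or ';'.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, nothing to compare
    return servers

def find_rogue(servers, rogue_ranges=ROGUE_RANGES):
    """Return (resolver, matching_range) for each resolver in a rogue range."""
    hits = []
    for server in servers:
        for net in rogue_ranges:
            if server.version == net.version and server in net:
                hits.append((str(server), str(net)))
                break
    return hits

if __name__ == "__main__":
    for server, net in find_rogue(parse_nameservers(SAMPLE_RESOLV_CONF)):
        print(f"resolver {server} is inside listed range {net}")
```

An empty result only means no configured resolver falls in the listed ranges; it does not show that the malware itself is absent.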
If your computer is compromised, you need to clean it up and get back to using legitimate Web servers before July 9. The DCWG site provides a list of tools you can use to remove DNS Changer and fix your system.
Now, if you wake up on July 9 and your computer can’t access any websites, you have nobody to blame but yourself.
This story, "Why Your Internet Might Disappear This Summer," was originally published by BrandPost.